On Tue, Feb 17, 2004 at 10:39:27AM -0500, A. Wright wrote:
> Is there a way with pf to "wash" these ambiguities (window size, syn packet
> size, etc) away so that all outgoing TCP packets look the same? Maybe even
> set them to user-defined variables, as we already can with 'max-mss' and
The most effective way to do this is to run in proxy mode: don't allow your internal machines to make direct connections at all. Turn IP forwarding off on your firewall, and install squid, socks5, etc. Set up sendmail as a mail relay and named as a caching-only server for your inside boxes, and you're all set. This way, all connections come from your firewall box and have its fingerprint. If you're really paranoid, you'll use the proxies to scrub identifying information (browser User-Agent strings, etc.).

Or you might decide this is all too much trouble, and just get an ISP with a decent EULA.

-Ryan
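The proxy-only layout Ryan describes, written out as a pf ruleset. This is an added example, not part of Ryan's post: interface names, the 3128/1080 proxy ports and the scrub values are assumptions, and the `scrub` line uses the directive syntax of the pf of that era (the normalization knobs the original question asks about, `max-mss` among them, apply only to the firewall's own traffic here, since nothing else leaves the box).

```pf
# /etc/sysctl.conf: no routing, so inside hosts cannot reach out directly
#   net.inet.ip.forwarding=0
#
# /etc/pf.conf (assumed interfaces and ports)
ext_if = "fxp0"
int_if = "fxp1"
proxy_ports = "{ 3128, 1080 }"     # squid, socks5 on the firewall

# normalize what the firewall itself emits: clear DF, random IP ID,
# raise low TTLs, clamp MSS (the same max-mss the question mentions)
scrub out on $ext_if no-df random-id min-ttl 64 max-mss 1440

block log all
pass quick on lo0

# inside hosts may talk only to the proxies, the caching resolver
# and the mail relay running on the firewall's inside address
pass in on $int_if proto tcp from $int_if:network to $int_if port $proxy_ports
pass in on $int_if proto { tcp, udp } from $int_if:network to $int_if port 53
pass in on $int_if proto tcp from $int_if:network to $int_if port 25

# only the firewall's own address originates traffic on the outside;
# every outbound connection therefore carries its stack fingerprint
pass out on $ext_if from $ext_if keep state
```

Because forwarding is off and `block log all` is the default, a direct connection attempt from an inside host shows up in pflog rather than leaking its own TCP fingerprint to the Internet.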
